rpm package
suse/chromium&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6113 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2018-6112 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2018-6111 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. | ||
| CVE-2018-6110 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. | ||
| CVE-2018-6109 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML pa | ||
| CVE-2018-6106 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||
| CVE-2018-6100 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||
| CVE-2018-6097 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | ||
| CVE-2018-6096 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | ||
| CVE-2018-6093 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2018-6091 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jan 9, 2019 | Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2018-6056 | — | < 64.0.3282.167-52.1 | 64.0.3282.167-52.1 | Jan 9, 2019 | Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||
| CVE-2018-17470 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Jan 9, 2019 | A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||
| CVE-2016-9651 | — | < 55.0.2883.75-2.1 | 55.0.2883.75-2.1 | Jan 9, 2019 | A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||
| CVE-2018-18359 | — | < 71.0.3578.98-80.1 | 71.0.3578.98-80.1 | Dec 11, 2018 | Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2018-18358 | — | < 71.0.3578.98-80.1 | 71.0.3578.98-80.1 | Dec 11, 2018 | Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. | ||
| CVE-2018-18357 | — | < 71.0.3578.98-80.1 | 71.0.3578.98-80.1 | Dec 11, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2018-18356 | — | < 71.0.3578.98-80.1 | 71.0.3578.98-80.1 | Dec 11, 2018 | An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-18355 | — | < 71.0.3578.98-80.1 | 71.0.3578.98-80.1 | Dec 11, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2018-18354 | — | < 71.0.3578.98-80.1 | 71.0.3578.98-80.1 | Dec 11, 2018 | Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. |
- CVE-2018-6113Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- CVE-2018-6112Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- CVE-2018-6111Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
- CVE-2018-6110Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
- CVE-2018-6109Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML pa
- CVE-2018-6106Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
- CVE-2018-6100Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2018-6097Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
- CVE-2018-6096Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
- CVE-2018-6093Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2018-6091Jan 9, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2018-6056Jan 9, 2019affected < 64.0.3282.167-52.1fixed 64.0.3282.167-52.1
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2018-17470Jan 9, 2019affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2016-9651Jan 9, 2019affected < 55.0.2883.75-2.1fixed 55.0.2883.75-2.1
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2018-18359Dec 11, 2018affected < 71.0.3578.98-80.1fixed 71.0.3578.98-80.1
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- CVE-2018-18358Dec 11, 2018affected < 71.0.3578.98-80.1fixed 71.0.3578.98-80.1
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
- CVE-2018-18357Dec 11, 2018affected < 71.0.3578.98-80.1fixed 71.0.3578.98-80.1
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2018-18356Dec 11, 2018affected < 71.0.3578.98-80.1fixed 71.0.3578.98-80.1
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-18355Dec 11, 2018affected < 71.0.3578.98-80.1fixed 71.0.3578.98-80.1
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2018-18354Dec 11, 2018affected < 71.0.3578.98-80.1fixed 71.0.3578.98-80.1
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
Page 3 of 18